On Wed, Jan 05, 2011 at 11:01:38AM +0000, Neil Wilson wrote:
On Tue, 2011-01-04 at 16:22 +0000, Daniel P. Berrange wrote:
> Well I'd like us to have fine grained access control across users,
> objects & operations, probably using the role based access control
> model. Once you have such fine grained access control, then I
> don't believe you have a clearcut boundary between users of libvirtd
> and users of VNC. eg, you may well give the VNC admin access to the
> 'virDomainDestroy' and 'virDomainStart' commands for his own
domains,
> but not other people's domains. So I think we should think about the
> solution to the authorization problem for both libvirtd & VNC at the
> same time.
Have you got an RBAC library in mind that would take the group
management outside of libvirt (like SASL does for authentication), or
does it all need building?
There's no general library that I'm aware of that'd be suitable.
In addition to the general access control solution, we'd like to
expand our SELinux support to cover MAC of the entire API (kinda
like SEPostgreSQL).
Regards,
Daniel